forked from pool/tpm2.0-tools
Matthias Gerstner
b000df49d3
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
(bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
- Minimum tpm2-tss version dependency bumped to 3.1.0
- Minimum tpm2-abrmd version dependency bumped to 2.4.0
- tss2:
- Support in tools for PolicyRef inclusion in policy search per latest TSS.
- Support to use TPM objects protected by a policy with PolicySigned.
- Enable backward compatibility to old Fapi callback API.
- Fix PCR selection for tss2 quote.
- Support policy signed policies by implementing Fapi_SetSignCB.
- Command/ response parameter support for auditing and pHash policies:
- lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
- Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
- Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
- Session-support:
- tpm2_sessionconfig: Add tool to display and configure session attributes.
- tpm2_getrandom: Fix— session input was hardcoded for audit-only
- tpm2_startauthsession: Add option to specify the bind object and its
authorization value.
- tpm2_startauthsession: support for bounded-only session.
- tpm2_startauthsession: support for salted-only session.
- tpm2_startauthsession: add option to specify an hmac session type.
- Add support for specifying non-authorization sessions for audit and
parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,
OBS-URL: https://build.opensuse.org/package/show/security/tpm2.0-tools?expand=0&rev=70
47 lines
1.6 KiB
Diff
47 lines
1.6 KiB
Diff
From c069e4f179d5e6653a84fb236816c375dca82515 Mon Sep 17 00:00:00 2001
|
|
From: William Roberts <william.c.roberts@intel.com>
|
|
Date: Fri, 21 May 2021 12:22:31 -0500
|
|
Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
|
|
|
|
tpm2_import used a fixed AES key for the inner wrapper, which means that
|
|
a MITM attack would be able to unwrap the imported key. Even the
|
|
use of an encrypted session will not prevent this. The TPM only
|
|
encrypts the first parameter which is the fixed symmetric key.
|
|
|
|
To fix this, ensure the key size is 16 bytes or bigger and use
|
|
OpenSSL to generate a secure random AES key.
|
|
|
|
Fixes: #2738
|
|
|
|
Signed-off-by: William Roberts <william.c.roberts@intel.com>
|
|
---
|
|
tools/tpm2_import.c | 12 +++++++++++-
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
|
|
index cfb6f207..f44326c8 100644
|
|
--- a/tools/tpm2_import.c
|
|
+++ b/tools/tpm2_import.c
|
|
@@ -118,7 +118,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
|
|
TPM2B_DATA enc_sensitive_key = {
|
|
.size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
|
|
};
|
|
- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
|
|
+
|
|
+ if(enc_sensitive_key.size < 16) {
|
|
+ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
|
|
+ return tool_rc_general_error;
|
|
+ }
|
|
+
|
|
+ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
|
|
+ if (ossl_rc != 1) {
|
|
+ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
|
|
+ return tool_rc_general_error;
|
|
+ }
|
|
|
|
/*
|
|
* Calculate the object name.
|
|
--
|
|
2.26.3
|
|
|